1.To list the password policy on Sun Directory Server 5.2 and later:
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "cn=Password Policy,cn=config" "objectClass=*"
2.To list LDAP client profiles on LDAP server:
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "ou=profile,dc=example,dc=com" "objectClass=*"
3.To test the proxyagent password:
$ ldapsearch -D "cn=proxyagent,ou=profile,dc=example,dc=com" -w password -b dc=example,dc=com objectclass=\*
4.To display the userPassword attribute with pam_ldap authentication for uid=1234:
$ ldapsearch -D "cn=Directory Manager" -w Directory_Manager_password -h LDAP_server -b ou=people,dc=example,dc=com uid=1234 userPassword
5.Two ways to delete an LDAP client profile named cn=default,ou=profile,dc=example,dc=com:
$ /usr/bin/printf "cn=default,ou=profile,dc=example,dc=com\n" | ldapdelete -h LDAP_server -D "cn=Directory Manager"
$ /usr/bin/printf "dn: cn=default,ou=profile,dc=example,dc=com\nchangetype: delete" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
6.Modifying the defaultServerList attribute in the simple LDAP client profile:
$ /usr/bin/printf "dn: cn=simple,ou=profile,dc=example,dc=com\nchangetype: modify\nreplace: defaultServerList\ndefaultServerList: 192.168.1.100 192.168.1.101\n" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
7.When does my proxyagent user password expire?
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b ou=profile,dc=example,dc=com cn=proxyagent passwordExpirationTime
8.View the default root level ACIs.
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "" -s base "(objectClass=*)" aci
9.Display the root Directory Server Entry (DSE). This is a good test of LDAP connectivity and basic functionality of the Directory Server, as the root DSE has to be available via anonymous bind.
$ ldapsearch -h LDAP_server -s base -b "" "objectClass=*"
10.Changing an LDAP UID
$ ldapmodify -h LDAP_server -D "cn=Directory Manager"
dn: uid=old_uid,ou=people,dc=example,dc=com
changetype: modify
replace: uid
uid: new_uid
-
replace: cn
cn: new_uid
-
replace: homeDirectory
homeDirectory: /home/new_uid
<Ctrl-D>
ldap_modify_s: Operation not allowed on RDN
ldapmodrdn takes as its arguments the DN of the entry to rename and the new RDN. The -r flag removes the old RDN, which would have been kept by default.
$ ldapmodrdn -r -h LDAP_server -D "cn=Directory Manager"
uid=old_uid,ou=people,dc=example,dc=com
uid=new_uid
<Ctrl-D>
Next, change the cn and homeDirectory using ldapmodify.
$ ldapmodify -h LDAP_server -D "cn=Directory Manager"
dn: uid=new_uid,ou=people,dc=example,dc=com
changetype: modify
replace: cn
cn: new_uid
-
replace: homeDirectory
homeDirectory: /home/new_uid
<Ctrl-D>
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "cn=Password Policy,cn=config" "objectClass=*"
2.To list LDAP client profiles on LDAP server:
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "ou=profile,dc=example,dc=com" "objectClass=*"
3.To test the proxyagent password:
$ ldapsearch -D "cn=proxyagent,ou=profile,dc=example,dc=com" -w password -b dc=example,dc=com objectclass=\*
4.To display the userPassword attribute with pam_ldap authentication for uid=1234:
$ ldapsearch -D "cn=Directory Manager" -w Directory_Manager_password -h LDAP_server -b ou=people,dc=example,dc=com uid=1234 userPassword
5.Two ways to delete an LDAP client profile named cn=default,ou=profile,dc=example,dc=com:
$ /usr/bin/printf "cn=default,ou=profile,dc=example,dc=com\n" | ldapdelete -h LDAP_server -D "cn=Directory Manager"
$ /usr/bin/printf "dn: cn=default,ou=profile,dc=example,dc=com\nchangetype: delete" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
6.Modifying the defaultServerList attribute in the simple LDAP client profile:
$ /usr/bin/printf "dn: cn=simple,ou=profile,dc=example,dc=com\nchangetype: modify\nreplace: defaultServerList\ndefaultServerList: 192.168.1.100 192.168.1.101\n" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
7.When does my proxyagent user password expire?
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b ou=profile,dc=example,dc=com cn=proxyagent passwordExpirationTime
8.View the default root level ACIs.
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "" -s base "(objectClass=*)" aci
9.Display the root Directory Server Entry (DSE). This is a good test of LDAP connectivity and basic functionality of the Directory Server, as the root DSE has to be available via anonymous bind.
$ ldapsearch -h LDAP_server -s base -b "" "objectClass=*"
10.Changing an LDAP UID
$ ldapmodify -h LDAP_server -D "cn=Directory Manager"
dn: uid=old_uid,ou=people,dc=example,dc=com
changetype: modify
replace: uid
uid: new_uid
-
replace: cn
cn: new_uid
-
replace: homeDirectory
homeDirectory: /home/new_uid
<Ctrl-D>
ldap_modify_s: Operation not allowed on RDN
ldapmodrdn takes as its arguments the DN of the entry to rename and the new RDN. The -r flag removes the old RDN, which would have been kept by default.
$ ldapmodrdn -r -h LDAP_server -D "cn=Directory Manager"
uid=old_uid,ou=people,dc=example,dc=com
uid=new_uid
<Ctrl-D>
Next, change the cn and homeDirectory using ldapmodify.
$ ldapmodify -h LDAP_server -D "cn=Directory Manager"
dn: uid=new_uid,ou=people,dc=example,dc=com
changetype: modify
replace: cn
cn: new_uid
-
replace: homeDirectory
homeDirectory: /home/new_uid
<Ctrl-D>
No comments:
Post a Comment